Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Does Jira V8.13.22 affected by Apache Commons Text ver 1.5-1.9? (CVE-2022-42889) and what is the rec

Shay Keidar
Shay Keidar October 24, 2022

Our server has commons-text.1.6.jar in the plugins but also in the WEB-INF/lib.

Thank you.

Answer
Watch
Like Trent Boorman likes this
643 views

2 answers

2 votes
Eugene G
Eugene G
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 31, 2022

@Shay Keidar You can download v.1.10 from the Apache web site Commons Text – Download Apache Commons Text and replace your outdated version with the new one in the WEB-INF/lib. Do it in non-production environment first to make sure it won't break anything. In our case, neither JIRA and Confluence had any issues after the update. 

Atlassian is always behind with updating third-party components, and if the finding is critical, it's probably better to update it yourself and not rely on any security advisory.

Reply
0 votes
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Champion
October 25, 2022

Hi @Shay Keidar ,

welcome to the Atlassian community!

Atlassian team is currenlty investigationg about that security issue. Please check updates here https://www.atlassian.com/trust/security/advisories

Hope this helps,

Fabio

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.